Description
Symptoms
Windows classification probe error "The result file can't be fetched because it doesn't exist"
Release
Madrid Patch 3 and newer releases
Cause
Windows administrative shares are hidden server resources that Discovery uses to temporarily store the results of processes run by specific probes. The MID Server script file LaunchProc.psm1 launches the process, writes its output to the administrative share on the machine, and then retrieves the results for the MID Server. Access to administrative shares is restricted to users with administrative rights to the target, such as users, local or on the domain, who belong to the local Administrators group.
With the Madrid patch 3 release, all Windows probes that use WMI protocol call the LaunchProc.psm1 script file and use the $admin share folder as default. The "Windows - Classify" probe uses WMI protocol and thus need access to the discovered computer admin share.
The admin share was already necessary for many of the windows probes for previous releases.
Resolution
From the MID server and with the same account used by discovery, ensure the user account used for discovery can:
- Access/Create files on the target hostÂ
\\<ip_address>\admin$\tmp